About
Security Analyst with around 5+ years of progressive experience in cybersecurity. Skilled in evaluating business systems to identify risks and compliance challenges, with a strong ability to develop sustainable security solutions that enhance protection and resilience.
Skills & Expertise (25)
Work Experience
Security Analyst
TCS
Nov 2020 - Present
Highly hands-on experience in Azure Security, including creating playbooks, runbooks, automation rules, and implementing data connectors and onboarding agents. Experience in managing Defender firewall policies, device exceptions, and other security rules via the Defender Intune portal. File blocking, virus definition reporting, and endpoint reporting. Experienced in creating group policies and assigning roles using the Intune console. Good knowledge of creating playbooks using the predefined Logic Apps, implementing data connectors, and creating the log analytics workspaces using Azure Sentinel. Experience in creating playbooks, runbooks, and automation rules in Azure Sentinel using conditions to auto-close incidents. Experience with log analysis and incident management using Splunk Enterprise Security. Performed folder exclusion policies, other device-based policies, and tags in Defender for Endpoint. Experience in handling and creating AWS workspaces, deploying ISO files, and onboarding them into Defender 365. Experienced in initiating vulnerability scans on production and non-production servers to fetch automated reports on the impact on the applications and the devices exposed to the vulnerability. Monitoring, analysing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all the Windows, Linux, and network devices and analysing the logs to find suspicious activities. Experience in creating Log Analytics workspaces, creating conditional access policies, and creating detection rules using Defender 365 and Azure Sentinel. Experienced in creating and fine-tuning compliance policies and ASR rules using the Intune portal. Experienced in examining suspicious emails for malicious content and providing recommendations on remediation actions using Office 365. Performed root cause analysis for the incidents reported at the security operations center.
Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Experience with the Rapid7 Vulnerability Management tool to perform vulnerability scanning and reporting. Experience in creating runbooks, SOPs, and documents supporting Security Operations. Good hands-on experience with creating use cases and custom detection rules in SPL and KQL. Experience in writing correlation rules and monitoring the Enterprise Security application. Experience in integrating threat intelligence into Sentinel to fetch threat feeds and correlate them with real-time logs for my daily investigations. Strong knowledge and working experience in Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, which include Office 365 email security solutions. Experience in configuring the ServiceNow ticketing tool with Defender and Splunk to automatically create a ticket in ServiceNow for work notes and to maintain records. Prepare Endpoint Compliance reports and initiate remediation activities wherever required. Good knowledge of the MITRE ATT&CK framework, the Diamond Model, and other cyber threat kill chains. In-depth understanding of the latest techniques used by attackers for persistence, privilege escalation, defence evasion, and lateral movement. Proficient in security tools and technologies such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners. Implementation of use cases using KQL with complex correlation across different data sources in Azure Sentinel. Experience in adding and deploying a client onboarding configuration file so that Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health.
Experience in onboarding and off-boarding Windows Server 2016 R2 and 2019 by installing the MMA/unified agent and troubleshooting server-level issues using the MDE Client Analyzer. Good knowledge in analyzing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Update and closure of SOC security incidents/tickets under the Service Level Agreement. Preparation of reports such as the SIEM Health Checklist, Daily Cyber Watch report, and Process Document. Preparation of SOPs (Standard Operating Procedures) for the SIEM alerts raised, reports, and all new tasks in the SOC environment. Experienced in whitelisting and blacklisting web applications using MCAS. Experience in analysing phishing and malicious email campaigns to identify IOCs, contain those IOCs, and implement an email fraud defence to secure the environment from hackers and fraudsters. Perform health checks for AV infrastructure and distribute reports regularly. Responding to in-house queries and guiding users with threat remediation strategies and best security practices. Experience in creating log analytic workspaces and policies in Azure Sentinel, with good hands-on experience in creating automation rules to auto-close incidents. Experienced in analyzing the Azure audit logs and sign-in logs of the user, checking the interactive and non-interactive sign-ins of the Azure account-related domains.
Education
M.B.A - Sri Y.N College
- 2018 · Afghanistan
Certifications
No certifications added yet